McAfee launches free anti-rootkit tool

Rootkit Detective is designed to help administrators detect hidden malicious code

Security vendor McAfee has released a free anti-rootkit tool.

Rootkit Detective, which has been in beta since January, will "help computer users clean their machines of increasingly prevalent hidden malicious code known as rootkits," McAfee said in a statement. Rootkit Detective was launched on Thursday.

Cybercriminals use rootkits to hide malware on compromised PCs. The use of rootkits is increasing rapidly, rising from 3,284 last year to 7,325 in the first half of this year, said McAfee. Since the initial beta release of Rootkit Detective in January, the application has been downloaded over 110,000 times, said the company.

"Rootkit Detective offers the most comprehensive rootkit-detection capabilities available today," said Ahmed Sallam, lead research architect at McAfee. "We have achieved extremely high levels of accuracy, using various techniques to find anything that hides itself on a computer."

According to McAfee, malicious rootkits, which are often custom-built, are sold on the black market. The software is often used to hide a backdoor on a computer that lets hackers access systems stealthily. Rootkits are typically email-borne. Signs of a rootkit compromise include sudden slowdowns and suspicious network activity.

Rootkit Detective lets administrators examine operating systems, uncovering hidden processes, registry entries and files, and lets users remove or disable these files upon system reboot.

McAfee has a disclaimer on its download site saying the tool should only be used by "knowledgeable individuals" to prevent deletion of vital files. The tool can also scan the integrity of a PC's kernel memory and display any modification, which may also point to a system compromise.

McAfee uses samples submitted by users of the free tool to develop anti-rootkit signatures for its paid-for security products.